Cisco Security Advisory - Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021

Started by Netwörkheäd, February 13, 2021, 06:41:25 PM

Netwörkheäd

Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021

A vulnerability in the command line parameter parsing code of Sudo could allow an authenticated, local attacker to execute commands or binaries with root privileges.


The vulnerability is due to improper parsing of command line parameters that may result in a heap-based buffer overflow. An attacker could exploit this vulnerability by accessing a Unix shell on an affected device and then invoking the sudoedit command with crafted parameters or by executing a binary exploit. A successful exploit could allow the attacker to execute commands or binaries with root privileges.


This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM

Security Impact Rating: High
CVE: CVE-2021-3156
Source: Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021
Let's not argue. Let's network!
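
Added example, not part of the original post or of Cisco's advisory: since exploitation requires a local user to invoke sudoedit with crafted parameters, one triage step is to review sudoedit executions recorded by auditd. The sketch below parses auditd EXECVE records and lists sudoedit invocations; the sample records are constructed, and the "hex-encoded" and "oversized" flags are assumed triage heuristics, not a signature for CVE-2021-3156.

```python
import os
import re

# Constructed auditd EXECVE records (sample data, not from a real device).
SAMPLE_LOG = """\
type=EXECVE msg=audit(1613241685.101:812): argc=2 a0="sudoedit" a1="/etc/hosts"
type=EXECVE msg=audit(1613241700.440:815): argc=3 a0="/usr/bin/sudoedit" a1="-s" a2=41414141FF41
type=EXECVE msg=audit(1613241711.002:819): argc=2 a0="ls" a1="-la"
type=SYSCALL msg=audit(1613241711.002:819): arch=c000003e syscall=59 success=yes
"""

HEADER = re.compile(r"^type=EXECVE msg=audit\((\d+\.\d+):(\d+)\):")
ARG = re.compile(r'\ba(\d+)=("([^"]*)"|[0-9A-Fa-f]+)')
MAX_ARG_LEN = 256  # assumed triage threshold, tune per environment


def parse_execve(line):
    """Return (event_id, argv, hex_flags) for an EXECVE record, else None."""
    m = HEADER.match(line)
    if not m:
        return None
    args = {}
    for idx, raw, quoted in ARG.findall(line):
        if raw.startswith('"'):
            args[int(idx)] = (quoted.encode(), False)
        elif len(raw) % 2 == 0:
            # auditd hex-encodes arguments holding spaces, quotes or control bytes
            args[int(idx)] = (bytes.fromhex(raw), True)
    ordered = [args[i] for i in sorted(args)]
    return int(m.group(2)), [a for a, _ in ordered], [h for _, h in ordered]


def flag_sudoedit(log_text):
    """List every sudoedit execution, with heuristic reasons for closer review."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_execve(line)
        if not parsed or not parsed[1]:
            continue
        event_id, argv, hexed = parsed
        if os.path.basename(argv[0]) != b"sudoedit":
            continue
        reasons = []
        if any(hexed[1:]):
            reasons.append("hex-encoded argument")
        if any(len(a) > MAX_ARG_LEN for a in argv[1:]):
            reasons.append("oversized argument")
        findings.append({"event": event_id, "argc": len(argv), "reasons": reasons})
    return findings
```

An empty reasons list still reports the invocation, because any sudoedit use on a network appliance is worth correlating with the account that ran it.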